Chapter 3. Building a Linux Firewall

3.0. Introduction

In this chapter, you’ll learn how to build a Linux
iptables firewall from scratch. While the recipes
are aimed at DSL and cable Internet users, they also work for T1/E1
customers. In fact, a Linux box with a T1 interface card is a great
alternative to expensive commercial routers. If you’re a normal business
user and not an ISP that needs Buick-sized routers handling routing
tables with hundreds of thousands of entries, then Linux on good-quality
x86 hardware will serve your needs just fine.

A Linux border firewall can provide security and share an Internet
connection for a whole LAN, which can contain Linux, Windows, Mac, and
other PCs. A host firewall protects a single PC. There are a multitude
of hardware choices for your firewall box, from small single-board
computers, to recycled old PCs, to rackmount units. Any Linux
distribution contains everything you need to build a sophisticated,
configurable, reliable firewall on any hardware.

Definitions and roles get a bit blurry, as an
iptables firewall does both packet filtering and
routing. You could call it a filtering router.

iptables is the key to making everything
work. Having a solid understanding of how iptables
works and how to write custom rules will give you mighty network guru
powers. Please study Oskar Andreasson’s Iptables Tutorial (http://iptables-tutorial.frozentux.net/) and Craig Hunt’s
TCP/IP Network Administration (O’Reilly) to get a deeper understanding of how ...
